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DETAILED ACTION 

1 . This Office Action is responsive to the Applicant's amendment filed 4-1 3-09. The 
Applicant's submissions on 6-9-09 and 6-17-09 regarding Power of Attorney in the 
instant Application are noted. 

2. Claims 1-3, 5, 6, 10-17, 20, 21, and 23-46 are pending and have been examined. 

EXAMINER'S AMENDMENT 

3. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1 .312. To ensure consideration of such an amendment, it MUST be 
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Thomas Anderson on 8-1 1-09. 

The Application is amended as follows: 
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IN THE CLAIMS 

Please amend claims 1-3, 5, 6, 10-17, 20, and 23-46 as shown below: 

1 (Currently Amended). A computer implemented method for identifying network traffic 
comprising: 

receiving pattern matching data at an interface : 
comparing the pattern matching data with each of a plurality of patterns 
using at least one computer : 

for each pattern, determining whether the pattern matching data matches 

the pattern; 

for each pattern that the pattern matching data is determined to match, 
including a pattern match score corresponding to the pattern in an application protocol 
score associated with an application protocol with which the pattern is associated, 
wherein the application protocol comprises one of a plurality of application protocols and 
each pattern is associated with a corresponding one of the plurality of application 
protocols; and 

concluding that a network traffic with which the pattern matching data is 
associated is associated with a determined application protocol that has a highest 
application protocol score among the plurality of application protocols. 
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2 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1 , wherein the pattern matching data includes application data. 

3 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, in the event that the pattern matching data matches the 
pattern, further including determining a property associated with the network traffic. 

5 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, in the event that the data matches the pattern, further 
including determining a property associated with the data and assigning a score for the 
property. 

6 (Currently Amended). The computer implemented [A] method for i dent i fy i ng network 
traff i c as recited in Claim 1, in the event that the data matches the pattern, further 
including determining a property associated with the data; and applying a policy based 
on the property. 

10 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1 , wherein the pattern matching data includes a string selected 
from a packet. 
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1 1 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, wherein the pattern matching data includes concatenated 
application data of a plurality of packets. 

12 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1 , wherein the pattern includes a regular expression. 

13 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, wherein the pattern includes application protocol 
information. 

14 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, wherein the pattern includes commonly used port 
information. 

15 (Currently Amended). The computer implemented [A] method for i d e nt i fy i ng n e twork 
traff i c as recited in Claim 1, in the event the data does not match the pattern, further 
comprising returning a failure indicator. 

16 (Currently Amended). The computer implemented [A] method for i dent i fy i ng network 
traff i c as recited in Claim 1, wherein th e st e p of determining whether the pattern 
matching data matches the pattern is performed at the beginning of a session with 
respect to packets received at the beginning of the session. 
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17 (Currently Amended). The computer implemented [A] method for i dent i fy i ng network 
traff i c as recited in Claim 1, wherein comparing the pattern matching data with a pattern 
is performed for each received data. 

20 (Currently Amended). A system for identifying network traffic comprising: 
an interface configured to receive pattern matching data; and 
a processor configured to: 

compare the pattern matching data with each of a plurality of patterns; 

for each pattern, determine whether the pattern matching data matches 

the pattern; 

for each pattern that the pattern matching data is determined to match, 
include a pattern match score corresponding to the pattern in an application protocol 
score associated with an application protocol with which the pattern is associated, 
wherein the application protocol comprises one of a plurality of application protocols and 
each pattern is associated with a corresponding one of the plurality of application 
protocols; and 

conclude that a network traffic with which the pattern matching data is 
associated is associated with a determined application protocol that has a highest 
application protocol score among the plurality of application protocols. 

23 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern matching data includes application data. 
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24 (Currently Amended). The [A] system for id e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the processor is further configured to determine a property 
associated with the network traffic in the event that the pattern matching data matches 
the pattern. 

25 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the processor is further configured to determine a property 
associated with the data and assign a score for the property in the event that the data 
matches the pattern. 

26 (Currently Amended). J_he [A] system for i dent i fying network traff i c as recited in 
Claim 20, wherein the processor is further configured to determine a property 
associated with the data and apply a policy based on the property in the event that the 
data matches the pattern. 

27 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern matching data includes a string selected from a packet. 

28 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern matching data includes concatenated application data of 
a plurality of packets. 
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29 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern includes a regular expression. 

30 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern includes application protocol information. 

31 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the pattern includes commonly used port information. 

32 (Currently Amended). J_he [A] system for i dent i fy i ng network traff i c as recited in 
Claim 20, wherein the processor is further configured to return a failure indicator in the 
event the data does not match the pattern. 

33 (Currently Amended). The [A] system for i d e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the processor is further configured to determine at the beginning of a 
session whether the pattern matching data matches the pattern. 

34 (Currently Amended). The [A] system for id e nt i fy i ng n e twork traff i c as recited in 
Claim 20, wherein the processor is configured to compare the pattern matching data 
with a pattern for each received data. 

35 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein the pattern matching data includes application data. 
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36 (Currently Amended). The [A] computer program product as recited in Claim 21, 
further comprising computer instructions for determining a property associated with the 
network traffic in the event that the pattern matching data matches the pattern. 

37 (Currently Amended). Jhe [A] computer program product as recited in Claim 21, 
further comprising computer instructions for determining a property associated with the 
data and assigning a score for the property in the event that the data matches the 
pattern. 

38 (Currently Amended). The [A] computer program product as recited in Claim 21, 
further comprising computer instructions for determining a property associated with the 
data; and applying a policy based on the property in the event that the data matches the 
pattern. 

39 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein the pattern matching data includes a string selected from a packet. 

40 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein the pattern matching data includes concatenated application data of a plurality 
of packets. 

41 (Currently Amended). Jhe [A] computer program product as recited in Claim 21, 
wherein the pattern includes a regular expression. 
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42 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein the pattern includes application protocol information. 

43 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein the pattern includes commonly used port information. 

44 (Currently Amended). The [A] computer program product as recited in Claim 21, 
further comprising computer instructions for returning a failure indicator in the event the 
data does not match the pattern. 

45 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein tho stop of determining whether the pattern matching data matches the pattern 
is performed at the beginning of a session with respect to packets received at the 
beginning of the session. 

46 (Currently Amended). The [A] computer program product as recited in Claim 21, 
wherein comparing the pattern matching data with a pattern is performed for each 
received data. 
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Allowable Subject Matter 

4. Claims 1-3, 5, 6, 10-17, 20, 21, and 23-46 are allowed. 

5. The following is an examiner's statement of reasons for allowance: 

The closest prior art in the field does not teach the combination of features of the 
claimed invention, particularly including the Applicant's technique for identification of 
network traffic involving assigning a pattern matching score to network traffic patterns 
based on a comparison with reference pattern matching data, and where the pattern 
matching score corresponds to an application protocol score for application protocols 
associated with the network traffic patterns. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Paul E. Callahan whose telephone number is (571) 272- 
3869. The examiner can normally be reached on M-F from 9 to 5. 

If attempts to reach the examiner by telephone are unsuccessful, the Examiner's 
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone 
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number for the organization where this application or proceeding is assigned is: (571) 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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/Matthew B Smithers/ 

Primary Examiner, Art Unit 2437 



